chrome/browser/policy/ssl_error_overriding_allowed_policy_browsertest.cc - chromium/src - Git at Google

 // Copyright 2020 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "chrome/browser/interstitials/security_interstitial_page_test_utils.h"
 #include "chrome/browser/policy/policy_test_utils.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/ui/browser.h"
 #include "chrome/common/pref_names.h"
 #include "chrome/test/base/ui_test_utils.h"
 #include "components/policy/core/common/policy_map.h"
 #include "components/policy/core/common/policy_types.h"
 #include "components/policy/policy_constants.h"
 #include "components/prefs/pref_service.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/test/browser_test.h"
 #include "content/public/test/browser_test_utils.h"
 #include "net/test/embedded_test_server/embedded_test_server.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "url/gurl.h"

 namespace policy {

 // Test that when SSL error overriding is allowed by policy (default), the
 // proceed link appears on SSL blocking pages.
 IN_PROC_BROWSER_TEST_F(PolicyTest, SSLErrorOverridingAllowed) {
   net::EmbeddedTestServer https_server_expired(
       net::EmbeddedTestServer::TYPE_HTTPS);
   https_server_expired.SetSSLConfig(net::EmbeddedTestServer::CERT_EXPIRED);
   https_server_expired.ServeFilesFromSourceDirectory("chrome/test/data");
   ASSERT_TRUE(https_server_expired.Start());

   const PrefService* const prefs = browser()->profile()->GetPrefs();

   // Policy should allow overriding by default.
   EXPECT_TRUE(prefs->GetBoolean(prefs::kSSLErrorOverrideAllowed));

   // Policy allows overriding - navigate to an SSL error page and expect the
   // proceed link.
   ui_test_utils::NavigateToURL(browser(), https_server_expired.GetURL("/"));
   content::WebContents* tab =
       browser()->tab_strip_model()->GetActiveWebContents();
   WaitForInterstitial(tab);

   // The interstitial should display the proceed link.
   EXPECT_TRUE(chrome_browser_interstitials::IsInterstitialDisplayingText(
       tab->GetMainFrame(), "proceed-link"));
 }

 // Test that when SSL error overriding is disallowed by policy, the
 // proceed link does not appear on SSL blocking pages and users should not
 // be able to proceed.
 IN_PROC_BROWSER_TEST_F(PolicyTest, SSLErrorOverridingDisallowed) {
   net::EmbeddedTestServer https_server_expired(
       net::EmbeddedTestServer::TYPE_HTTPS);
   https_server_expired.SetSSLConfig(net::EmbeddedTestServer::CERT_EXPIRED);
   https_server_expired.ServeFilesFromSourceDirectory("chrome/test/data");
   ASSERT_TRUE(https_server_expired.Start());

   const PrefService* const prefs = browser()->profile()->GetPrefs();
   EXPECT_TRUE(prefs->GetBoolean(prefs::kSSLErrorOverrideAllowed));

   // Disallowing the proceed link by setting the policy to |false|.
   PolicyMap policies;
   policies.Set(key::kSSLErrorOverrideAllowed, POLICY_LEVEL_MANDATORY,
                POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD, base::Value(false),
                nullptr);
   UpdateProviderPolicy(policies);

   // Policy should not allow overriding anymore.
   EXPECT_FALSE(prefs->GetBoolean(prefs::kSSLErrorOverrideAllowed));

   // Policy disallows overriding - navigate to an SSL error page and expect no
   // proceed link.
   ui_test_utils::NavigateToURL(browser(), https_server_expired.GetURL("/"));
   content::WebContents* tab =
       browser()->tab_strip_model()->GetActiveWebContents();
   WaitForInterstitial(tab);

   // The interstitial should not display the proceed link.
   EXPECT_FALSE(chrome_browser_interstitials::IsInterstitialDisplayingText(
       tab->GetMainFrame(), "proceed-link"));

   // The interstitial should not proceed, even if the command is sent in
   // some other way (e.g., via the keyboard shortcut).
   SendInterstitialCommand(tab, security_interstitials::CMD_PROCEED);
   EXPECT_TRUE(IsShowingInterstitial(tab));
 }

 }  // namespace policy
	// Copyright 2020 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "chrome/browser/interstitials/security_interstitial_page_test_utils.h"
	#include "chrome/browser/policy/policy_test_utils.h"
	#include "chrome/browser/profiles/profile.h"
	#include "chrome/browser/ui/browser.h"
	#include "chrome/common/pref_names.h"
	#include "chrome/test/base/ui_test_utils.h"
	#include "components/policy/core/common/policy_map.h"
	#include "components/policy/core/common/policy_types.h"
	#include "components/policy/policy_constants.h"
	#include "components/prefs/pref_service.h"
	#include "content/public/browser/web_contents.h"
	#include "content/public/test/browser_test.h"
	#include "content/public/test/browser_test_utils.h"
	#include "net/test/embedded_test_server/embedded_test_server.h"
	#include "testing/gtest/include/gtest/gtest.h"
	#include "url/gurl.h"

	namespace policy {

	// Test that when SSL error overriding is allowed by policy (default), the
	// proceed link appears on SSL blocking pages.
	IN_PROC_BROWSER_TEST_F(PolicyTest, SSLErrorOverridingAllowed) {
	net::EmbeddedTestServer https_server_expired(
	net::EmbeddedTestServer::TYPE_HTTPS);
	https_server_expired.SetSSLConfig(net::EmbeddedTestServer::CERT_EXPIRED);
	https_server_expired.ServeFilesFromSourceDirectory("chrome/test/data");
	ASSERT_TRUE(https_server_expired.Start());

	const PrefService* const prefs = browser()->profile()->GetPrefs();

	// Policy should allow overriding by default.
	EXPECT_TRUE(prefs->GetBoolean(prefs::kSSLErrorOverrideAllowed));

	// Policy allows overriding - navigate to an SSL error page and expect the
	// proceed link.
	ui_test_utils::NavigateToURL(browser(), https_server_expired.GetURL("/"));
	content::WebContents* tab =
	browser()->tab_strip_model()->GetActiveWebContents();
	WaitForInterstitial(tab);

	// The interstitial should display the proceed link.
	EXPECT_TRUE(chrome_browser_interstitials::IsInterstitialDisplayingText(
	tab->GetMainFrame(), "proceed-link"));
	}

	// Test that when SSL error overriding is disallowed by policy, the
	// proceed link does not appear on SSL blocking pages and users should not
	// be able to proceed.
	IN_PROC_BROWSER_TEST_F(PolicyTest, SSLErrorOverridingDisallowed) {
	net::EmbeddedTestServer https_server_expired(
	net::EmbeddedTestServer::TYPE_HTTPS);
	https_server_expired.SetSSLConfig(net::EmbeddedTestServer::CERT_EXPIRED);
	https_server_expired.ServeFilesFromSourceDirectory("chrome/test/data");
	ASSERT_TRUE(https_server_expired.Start());

	const PrefService* const prefs = browser()->profile()->GetPrefs();
	EXPECT_TRUE(prefs->GetBoolean(prefs::kSSLErrorOverrideAllowed));

	// Disallowing the proceed link by setting the policy to \|false\|.
	PolicyMap policies;
	policies.Set(key::kSSLErrorOverrideAllowed, POLICY_LEVEL_MANDATORY,
	POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD, base::Value(false),
	nullptr);
	UpdateProviderPolicy(policies);

	// Policy should not allow overriding anymore.
	EXPECT_FALSE(prefs->GetBoolean(prefs::kSSLErrorOverrideAllowed));

	// Policy disallows overriding - navigate to an SSL error page and expect no
	// proceed link.
	ui_test_utils::NavigateToURL(browser(), https_server_expired.GetURL("/"));
	content::WebContents* tab =
	browser()->tab_strip_model()->GetActiveWebContents();
	WaitForInterstitial(tab);

	// The interstitial should not display the proceed link.
	EXPECT_FALSE(chrome_browser_interstitials::IsInterstitialDisplayingText(
	tab->GetMainFrame(), "proceed-link"));

	// The interstitial should not proceed, even if the command is sent in
	// some other way (e.g., via the keyboard shortcut).
	SendInterstitialCommand(tab, security_interstitials::CMD_PROCEED);
	EXPECT_TRUE(IsShowingInterstitial(tab));
	}

	} // namespace policy